From 25f2b4e2edc9a162d3d9ecbd9f26e25da4848735 Mon Sep 17 00:00:00 2001 From: Joshua Crowgey Date: Tue, 3 Apr 2018 16:24:06 -0700 Subject: Raise ve on bad gt (#4180) * Raise a ValueError when conversion to generalizedtime fails * added test for badasn1time value error * pep8 compliance * Addressing code review + VE now raises with ```{!r}``` formatting + Test now checks that the bad string made it into the VE message * using ValueError.match --- src/cryptography/hazmat/backends/openssl/decode_asn1.py | 8 +++++++- tests/x509/test_x509.py | 12 ++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py index 24eb55b1..31fb8cfc 100644 --- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py +++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py @@ -734,7 +734,13 @@ def _parse_asn1_time(backend, asn1_time): generalized_time = backend._lib.ASN1_TIME_to_generalizedtime( asn1_time, backend._ffi.NULL ) - backend.openssl_assert(generalized_time != backend._ffi.NULL) + if generalized_time == backend._ffi.NULL: + raise ValueError( + "Couldn't parse ASN.1 time as generalizedtime {!r}".format( + _asn1_string_to_bytes(backend, asn1_time) + ) + ) + generalized_time = backend._ffi.gc( generalized_time, backend._lib.ASN1_GENERALIZEDTIME_free ) diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index 4a34d4a9..720db78e 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -3752,6 +3752,18 @@ class TestOtherCertificate(object): with pytest.raises(ValueError): cert.public_key() + def test_bad_time_in_validity(self, backend): + cert = _load_cert( + os.path.join( + "x509", "badasn1time.pem" + ), + x509.load_pem_x509_certificate, + backend, + ) + + with pytest.raises(ValueError, match='19020701025736Z'): + cert.not_valid_after + class TestNameAttribute(object): EXPECTED_TYPES = [ -- cgit v1.2.3